
Fedora 39: FEDORA-2024-5e50570506 Critical: gifsicle DoS Fix

March 1, 2024
The recent upgrade to gifsicle 1.95 for Fedora 39 brings essential patches addressing vulnerabilities associated with GIF processing.
Update to 1.95

Summary

Gifsicle is a command-line tool for creating, editing, and getting information about GIF images and animations.

Some more gifsicle features:

* Batch mode for changing GIFs in place.
* Prints detailed information about GIFs, including comments.
* Control over interlacing, comments, looping, transparency...
* Creates well-behaved GIFs: removes redundant colors, only uses local color tables if it absolutely has to (local color tables waste space and can cause viewing artifacts), etc.
* It can shrink colormaps and change images to use the Web-safe palette (or any colormap you choose).
* It can optimize your animations! This stores only the changed portion of each frame, and can radically shrink your GIFs. You can also use transparency to make them even smaller. Gifsicle's optimizer is pretty powerful, and usually reduces animations to within a couple bytes of the best commercial optimizers.
* Unoptimizing animations, which makes them easier to edit.
* A dumb-ass name.

One other program is included with gifsicle: gifdiff compares two GIFs for identical visual appearance.

Update Information:

Update to 1.95

Change Log

* Wed Feb 21 2024 Orion Poplawski - 1.95-1
- Update to 1.95 CVE-2023-46009 (bz#2244935) CVE-2023-44821 (bz#2250064)

* Wed Jan 24 2024 Fedora Release Engineering - 1.94-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Fri Jan 19 2024 Fedora Release Engineering - 1.94-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2244935 - CVE-2023-46009 gifsicle: floating point exception vulnerability via resize_stream at src/xform.c
https://bugzilla.redhat.com/show_bug.cgi?id=2244935

[ 2 ] Bug #2250064 - CVE-2023-44821 gifsicle: denial of service in Gif_Realloc calls
https://bugzilla.redhat.com/show_bug.cgi?id=2250064

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-5e50570506' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: gifsicle
Product: Fedora 39
Version: 1.95
Release: 1.fc39
Summary: Powerful program for manipulating GIF images and animations
